Dengan Router Mikrotik di tambah
Squid ProxyExternal seperti ubuntu,ClearOs,IpCop Dll…Performa akan menjadi mantab,apalagi menggunakan Squid Lusca…Cache semua pada di telan…Ok berikut ini saya post Cara Setting Hit,Queues Tree,Mangle Mikrotik + Squid Proxy External,Untuk Setting Squid nya nggak saya post karena…Ini Label Mikrotik,Untuk Setting squid lihat di label Squid,,,
Ip Addess MengarahMikrotik =192.168.0.5 Ke Modem (internet)
Ip Address Mengarah Local =192.168.34.1 Ke Client
Ip Address Mengarah Squid Proxy =192.168.35.1 Ke Squid Proxy
Ip Address Mengarah Local =192.168.34.1 Ke Client
Ip Address Mengarah Squid Proxy =192.168.35.1 Ke Squid Proxy
Ip Address Squid Proxy =192.168.35.2 Ip Squid Proxy External
Terobosan….:
Client Download dari Modem dilimit dengan queue tree,jika file datanya telah tersimpan di Squid Proxy maka otomatis tidak terlimit alias lepas Loss
Untuk client yang download file seperti .flv .exe .rar .zip youtube dll…..dilimit 1 MB untuk semua file bagi rata,kecuali yang berbau bokep….bokep saya kasih 128 aja bagi rata…..nah…jika extention seperti .flv .exe .rar .zip youtube dll tersebut pernah di download…otomatis tersimpan di Squid proxy ..dan otomatis tidak terlimit extention tersebut…alias lepas loss….
Untuk ping ….ini perlu….bagi bagi client yang main poker,pointblank,atau game lainnya..saya gunakan queue tree juga…tapi tidak di limit…
Untuk Upload…tidak perlu di limit…demi kenyamanan pemain game
Berikut langkahnya dari awal…dari Router Mikrotik belum berisi..alias kosong…:
Kita mainkan di new terminal semua:
1. Set interface:
/interface set 0 name=public \
;/interface set 1 name=local \
;/interface set 2 name=proxy
;/interface set 1 name=local \
;/interface set 2 name=proxy
2. Set Ip address (Sesuaikan Ip address dgn jaringan anda):
/ip address add address=192.168.0.5 \
netmask=255.255.255.0 \
interface=public \
;/ip address add address=192.168.34.1 \
netmask=255.255.255.0 \
interface=local \
;/ip address add address=192.168.35.1 \
netmask=255.255.255.0 \
interface=proxy
netmask=255.255.255.0 \
interface=public \
;/ip address add address=192.168.34.1 \
netmask=255.255.255.0 \
interface=local \
;/ip address add address=192.168.35.1 \
netmask=255.255.255.0 \
interface=proxy
3. Set Gateway (Sesuaikan Gateway dengan gateway jaringan anda):
/ip route add gateway=192.168.0.1
4. Set DNS (sesuaikan DNS sengan jaringan anda):
A. Cara set DNS Untuk RB Os versi 4.XX kebawah:
/ip dns set primary-dns=203.130.208.18 \
;/ip dns set secondary-dns=203.130.193.74 \
allow-remote-requests=yes
;/ip dns set secondary-dns=203.130.193.74 \
allow-remote-requests=yes
B. Cara set DNS untuk RB Os versi 4.XX keatas:
/ip dns set servers=203.130.208.18,203.130.193.74 \
allow-remote-requests=yes
allow-remote-requests=yes
5. Set Ip Firewall Nat …..termasuk nat untuk redirect ke proxy…saya gunakan port 3128 pada squid saya (ip addressnya sesuaikan dengan jaringan anda):
/ip firewall nat add chain=srcnat out-interface=public \
src-address=192.168.34.0/24 action=masquerade \
src-address-list="wirelessrouterproxy.blogspot.com client" \
comment="LOCAL NAT MASQUERADE"
src-address=192.168.34.0/24 action=masquerade \
src-address-list="wirelessrouterproxy.blogspot.com client" \
comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=public \
src-address=192.168.35.0/24 action=masquerade \
src-address-list="wirelessrouterproxy.blogspot.com proxy" \
comment="PROXY NAT MASQUERADE"
/ip firewall nat add action=dst-nat chain=dstnat \
comment="REDIRECT KE PROXY" disabled=no \
dst-port=80,8080,3128 in-interface=local \
protocol=tcp src-address=!192.168.35.0/24 \
to-addresses=192.168.35.2 to-ports=3128
src-address=192.168.35.0/24 action=masquerade \
src-address-list="wirelessrouterproxy.blogspot.com proxy" \
comment="PROXY NAT MASQUERADE"
/ip firewall nat add action=dst-nat chain=dstnat \
comment="REDIRECT KE PROXY" disabled=no \
dst-port=80,8080,3128 in-interface=local \
protocol=tcp src-address=!192.168.35.0/24 \
to-addresses=192.168.35.2 to-ports=3128
/ip firewall nat add action=dst-nat \
chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" \
disabled=no dst-port=53 in-interface=local \
protocol=udp to-ports=53
chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" \
disabled=no dst-port=53 in-interface=local \
protocol=udp to-ports=53
/ip firewall nat add action=dst-nat \
chain=dstnat disabled=no dst-port=53 in-interface=local \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
chain=dstnat disabled=no dst-port=53 in-interface=local \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
/ip firewall nat add action=dst-nat \
chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
/ip firewall nat add action=dst-nat \
chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"
chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"
6. Selanjutnya Keamanan jaringan :
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER1" \
address-list-timeout=2w chain=input \
comment="PORT SCANNER2 KE ADDRESS \
LIST " disabled=no protocol=tcp psd=21,3s,3,1
address-list="PORT SCANNER1" \
address-list-timeout=2w chain=input \
comment="PORT SCANNER2 KE ADDRESS \
LIST " disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER2" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" disabled=no \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
address-list="PORT SCANNER2" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" disabled=no \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER3" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
address-list="PORT SCANNER3" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER4" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
address-list="PORT SCANNER4" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER5" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
address-list="PORT SCANNER5" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER6" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
address-list="PORT SCANNER6" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER7" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
address-list="PORT SCANNER7" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=drop chain=input \
comment="BLOK PORT SCANNER" disabled=no \
src-address-list="PORT SCANNER1"
comment="BLOK PORT SCANNER" disabled=no \
src-address-list="PORT SCANNER1"
/ip firewall filter add action=accept chain=input \
comment="IZINKAN MENDIRIKAN KONEKSI" \
connection-state=established disabled=no
comment="IZINKAN MENDIRIKAN KONEKSI" \
connection-state=established disabled=no
/ip firewall filter add action=accept chain=input \
comment="IZINKAN KONEKSI TERKAIT" \
connection-state=related disabled=no
comment="IZINKAN KONEKSI TERKAIT" \
connection-state=related disabled=no
/ip firewall filter add action=accept chain=input \
comment="IZINKAN PING LOCAL" \
disabled=no protocol=icmp \
src-address-list=\
"wirelessrouterproxy.blogspot.com client"
comment="IZINKAN PING LOCAL" \
disabled=no protocol=icmp \
src-address-list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall filter add action=accept chain=input \
comment="IZINKAN PING PROXY" disabled=no \
protocol=icmp src-address-list=\
"wirelessrouterproxy.blogspot.com proxy"
comment="IZINKAN PING PROXY" disabled=no \
protocol=icmp src-address-list=\
"wirelessrouterproxy.blogspot.com proxy"
/ip firewall filter add action=accept chain=input \
comment="IZINKAN INPUT DARI LOCAL" disabled=no \
src-address-list="wirelessrouterproxy.blogspot.com client"
comment="IZINKAN INPUT DARI LOCAL" disabled=no \
src-address-list="wirelessrouterproxy.blogspot.com client"
/ip firewall filter add action=accept chain=input \
comment="IZINKAN INPUT DARI PROXY" disabled=no \
src-address-list="wirelessrouterproxy.blogspot.com proxy"
comment="IZINKAN INPUT DARI PROXY" disabled=no \
src-address-list="wirelessrouterproxy.blogspot.com proxy"
/ip firewall filter add action=jump chain=forward \
comment="FILTER PAKET YANG JELEK" disabled=no \
jump-target=tcp protocol=tcp
comment="FILTER PAKET YANG JELEK" disabled=no \
jump-target=tcp protocol=tcp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=udp \
protocol=udp
chain=forward disabled=no jump-target=udp \
protocol=udp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=icmp protocol=icmp
chain=forward disabled=no jump-target=icmp protocol=icmp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK SMTP" disabled=no dst-port=25 \
protocol=tcp
comment="TOLAK SMTP" disabled=no dst-port=25 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK RPC2portmapper" disabled=no \
dst-port=135 protocol=tcp
comment="TOLAK RPC2portmapper" disabled=no \
dst-port=135 protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NBT" disabled=no dst-port=137-139 \
protocol=tcp
comment="TOLAK NBT" disabled=no dst-port=137-139 \
protocol=tcp
/ip firewall filter add action=drop \
chain=tcp comment="TOLAK CIFS" disabled=no \
dst-port=445 protocol=tcp
chain=tcp comment="TOLAK CIFS" disabled=no \
dst-port=445 protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NFS" disabled=no dst-port=2049 \
protocol=tcp
comment="TOLAK NFS" disabled=no dst-port=2049 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NETBUS" disabled=no dst-port=20034 \
protocol=tcp
comment="TOLAK NETBUS" disabled=no dst-port=20034 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
comment="TOLAK BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="BLOK DHCP" disabled=no dst-port=67-68 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK P2P" disabled=no p2p=all-p2p
comment="BLOK DHCP" disabled=no dst-port=67-68 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp \
comment="TOLAK TFTP" disabled=no dst-port=69 \
protocol=udp
comment="TOLAK TFTP" disabled=no dst-port=69 \
protocol=udp
/ip firewall filter add action=drop chain=udp \
comment="TOLAK PRC portmapper" disabled=no \
dst-port=111 protocol=udp
comment="TOLAK PRC portmapper" disabled=no \
dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp \
comment="TOLAK PRC portmapper" disabled=no \
dst-port=135 protocol=udp
comment="TOLAK PRC portmapper" disabled=no \
dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NETBUS" disabled=no \
dst-port=12345-12346 protocol=tcp
comment="TOLAK NETBUS" disabled=no \
dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=udp \
comment="BLOK NBT" disabled=no dst-port=137-139 \
protocol=udp
comment="BLOK NBT" disabled=no dst-port=137-139 \
protocol=udp
/ip firewall filter add action=drop chain=udp \
comment="BLOK NFS" disabled=no dst-port=2049 \
protocol=udp
comment="BLOK NFS" disabled=no dst-port=2049 \
protocol=udp
/ip firewall filter add action=drop \
chain=udp comment="TOLAK BackOriffice" \
disabled=no dst-port=3133 protocol=udp
chain=udp comment="TOLAK BackOriffice" \
disabled=no dst-port=3133 protocol=udp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=3:0 protocol=icmp
comment="limit packets 5/secs" disabled=no \
icmp-options=3:0 protocol=icmp
/ip firewall filter add action=accept \
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
comment="limit packets 5/secs" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
comment="limit packets 5/secs" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept \
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=forward \
comment="Allow Established connections" \
connection-state=established disabled=no
comment="Allow Established connections" \
connection-state=established disabled=no
/ip firewall filter add action=accept chain=forward \
comment="Allow Forward from LOCAL Network" \
disabled=no src-address-list=\
"wirelessrouterproxy.blogspot.com client"
comment="Allow Forward from LOCAL Network" \
disabled=no src-address-list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall filter add action=accept chain=forward \
comment="Allow Forward from PROXY Network" \
disabled=no src-address-list=\
"wirelessrouterproxy.blogspot.com proxy"
comment="Allow Forward from PROXY Network" \
disabled=no src-address-list=\
"wirelessrouterproxy.blogspot.com proxy"
7. Selanjutnya buat address list untuk client anda…tujuannya hanya ip address yang di buat ini yang bisa terkoneksi ke internet…jika client anda melebihi sebanayak yang terdaftar di bawah ini…silahkan di tambah..sesuai dgn jumlah client anda….(Sesuaikan ip addresnya dengan jaringan anda):
/ip firewall address-list \
add address=192.168.35.2 \
comment="SQUID PROXY EXTERNAL" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com proxy"
add address=192.168.35.2 \
comment="SQUID PROXY EXTERNAL" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com proxy"
/ip firewall address-list \
add address=192.168.34.2 \
comment="CLIENT1" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.2 \
comment="CLIENT1" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.3 \
comment="CLIENT2" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.3 \
comment="CLIENT2" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.4 \
comment="CLIENT3" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.4 \
comment="CLIENT3" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.5 \
comment="CLIENT4" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.5 \
comment="CLIENT4" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.6 \
comment="CLIENT5" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.6 \
comment="CLIENT5" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.7 \
comment="CLIENT6" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.7 \
comment="CLIENT6" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.8 \
comment="CLIENT7" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.8 \
comment="CLIENT7" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.9 \
comment="CLIENT8" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.9 \
comment="CLIENT8" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.10 \
comment="CLIENT9" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.10 \
comment="CLIENT9" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.11 \
comment="CLIENT10" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.11 \
comment="CLIENT10" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.12 \
comment="CLIENT11" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.34.12 \
comment="CLIENT11" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
8. Selanjutnya Firwall layer7,yang nanti nya untuk limit .exe .zip .rar dll:
/ip firewall layer7-protocol add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0\
-9][\\x09-\\x0d -~]*(content-type: video)"
-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" \
regexp="\\.(exe)"
regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" \
regexp="\\.(rar)"
regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" \
regexp="\\.(7z)"
regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" \
regexp="\\.(cab)"
regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" \
regexp="\\.(asf)"
regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" \
regexp="\\.(mov)"
regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" \
regexp="\\.(wmv)"
regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" \
regexp="\\.(mpg)"
regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" \
regexp="\\.(mpeg)"
regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" \
regexp="\\.(mkv)"
regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" \
regexp="\\.(zip)"
regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" \
regexp="\\.(avi)"
regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" \
regexp="\\.(flv)"
regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" \
regexp="\\.(wav)"
regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" \
regexp="\\.(rm)"
regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" \
regexp="\\.(mp3)"
regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" \
regexp="\\.(mp4)"
regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" \
regexp="\\.(ram)"
regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" \
regexp="\\.(rmvb)"
regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" \
regexp="\\.(dat)"
regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" \
regexp="\\.(daa)"
regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" \
regexp="\\.(iso)"
regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" \
regexp="\\.(nrg)"
regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" \
regexp="\\.(bin)"
regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" \
regexp="\\.(vcd)"
regexp="\\.(vcd)"
9. Selanjutanya Mangle…….
A. Mangle Suid Hit:
/ip firewall mangle add action=mark-packet \
chain=forward comment="SQUID PROXY HIT" \
disabled=no dscp=12 \
new-packet-mark="PROXY HIT" passthrough=no
chain=forward comment="SQUID PROXY HIT" \
disabled=no dscp=12 \
new-packet-mark="PROXY HIT" passthrough=no
Mangle Squid koneksi dan squid Paket:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="BROWSING SQUID" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
dst-port=80,443 new-connection-mark="SQUID KONEKSI" \
passthrough=yes protocol=tcp \
src-address-list="wirelessrouterproxy.blogspot.com proxy"
chain=prerouting comment="BROWSING SQUID" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
dst-port=80,443 new-connection-mark="SQUID KONEKSI" \
passthrough=yes protocol=tcp \
src-address-list="wirelessrouterproxy.blogspot.com proxy"
/ip firewall mangle add action=mark-packet \
chain=forward comment="SQUID PAKET" \
connection-mark="SQUID KONEKSI" disabled=no \
new-packet-mark="SQUID PAKET" passthrough=no
chain=forward comment="SQUID PAKET" \
connection-mark="SQUID KONEKSI" disabled=no \
new-packet-mark="SQUID PAKET" passthrough=no
B. Mangle Semua koneksi masuk dan koneksi keluar:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
in-interface=local new-connection-mark="SEMUA KONEKSI MASUK" \
passthrough=yes
chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
in-interface=local new-connection-mark="SEMUA KONEKSI MASUK" \
passthrough=yes
/ip firewall mangle add action=mark-connection \
chain=forward disabled=no \
new-connection-mark="SEMUA KONEKSI KELUAR" \
out-interface=local passthrough=yes \
src-address-list="!wirelessrouterproxy.blogspot.com client" \
comment="SEMUA KONEKSI KELUAR"
chain=forward disabled=no \
new-connection-mark="SEMUA KONEKSI KELUAR" \
out-interface=local passthrough=yes \
src-address-list="!wirelessrouterproxy.blogspot.com client" \
comment="SEMUA KONEKSI KELUAR"
/ip firewall mangle add chain=prerouting \
action=mark-packet new-packet-mark="SEMUA PAKET_MASUK"\
action=mark-packet new-packet-mark="SEMUA PAKET_MASUK"\
passthrough=yes connection-mark="SEMUA KONEKSI MASUK" \
comment="SEMUA PAKET MASUK"
comment="SEMUA PAKET MASUK"
/ip firewall mangle add chain=forward \
action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" \
passthrough=yes connection-mark="SEMUA KONEKSI KELUAR"
comment="SEMUA PAKET KELUAR"
action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" \
passthrough=yes connection-mark="SEMUA KONEKSI KELUAR"
comment="SEMUA PAKET KELUAR"
C. Mangle Browsing koneksi yang koneksi dari semua koneksi masuk:
/ip firewall mangle add action=mark-connection chain=prerouting \
comment="BROWSING CLIENT" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
new-connection-mark="BROWSING KONEKSI" \
passthrough=yes protocol=tcp
comment="BROWSING CLIENT" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
new-connection-mark="BROWSING KONEKSI" \
passthrough=yes protocol=tcp
D. Mangle Koneksi ICMP dengan dscp1:
/ip firewall mangle add action=mark-connection \
chain=postrouting disabled=no dscp=1 \
new-connection-mark="ICMP KONEKSI" passthrough=yes \
comment="ICMP KOMEKSI"
chain=postrouting disabled=no dscp=1 \
new-connection-mark="ICMP KONEKSI" passthrough=yes \
comment="ICMP KOMEKSI"
E. Mangle Game koneksi yang koneksi dari semua koneksi masuk:
F. Mangle Pointblank,Poker,dan RF online,jika anda ingin memasukkan game lainnya silahkan cari port game tersebut:
F. Mangle Pointblank,Poker,dan RF online,jika anda ingin memasukkan game lainnya silahkan cari port game tersebut:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="POINT BLANK" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=40000-40010 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=udp
chain=prerouting comment="POINT BLANK" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=40000-40010 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="POKER" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=9339,843 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
chain=prerouting comment="POKER" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=9339,843 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="RF ONLINE" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
dst-port=10001,10002,10003,10004,10005,10006,10007 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=udp
chain=prerouting comment="RF ONLINE" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
dst-port=10001,10002,10003,10004,10005,10006,10007 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=udp
G. Mangle ICMP PAKET:
/ip firewall mangle add action=mark-packet \
chain=postrouting connection-mark="ICMP KONEKSI" \
disabled=no new-packet-mark="ICMP PAKET" passthrough=no \
comment="ICMP PAKET"
chain=postrouting connection-mark="ICMP KONEKSI" \
disabled=no new-packet-mark="ICMP PAKET" passthrough=no \
comment="ICMP PAKET"
H. Selanjutnya mangle Game Paket:
/ip firewall mangle add action=mark-packet \
chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=no \
new-packet-mark="GAME PAKET" passthrough=no
chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=no \
new-packet-mark="GAME PAKET" passthrough=no
I. Selanjutnya Bowsing paket:
/ip firewall mangle add action=mark-packet \
chain=forward comment="BROWSING PAKET" \
connection-bytes=0-131072 \
connection-mark="BROWSING KONEKSI" \
disabled=no new-packet-mark="BROWSING PAKET" \
passthrough=no protocol=tcp
chain=forward comment="BROWSING PAKET" \
connection-bytes=0-131072 \
connection-mark="BROWSING KONEKSI" \
disabled=no new-packet-mark="BROWSING PAKET" \
passthrough=no protocol=tcp
J. Change dscp ICMP dan Port 53:
/ip firewall mangle add action=change-dscp \
chain=postrouting comment="ICMP CHANGE DSCP" \
disabled=no new-dscp=1 protocol=icmp
chain=postrouting comment="ICMP CHANGE DSCP" \
disabled=no new-dscp=1 protocol=icmp
/ip firewall mangle add action=change-dscp \
chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=udp
chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=udp
/ip firewall mangle add action=change-dscp \
chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=tcp
chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=tcp
K. Mangle Extention file seperti .zip .rar .flv .exe dll :
/ip firewall mangle add action=mark-connection \
chain=forward comment="EXTENTION KONEKSI" \
disabled=no in-interface=local \
new-connection-mark="EXTENTION KONEKSI" \
passthrough=yes
chain=forward comment="EXTENTION KONEKSI" \
disabled=no in-interface=local \
new-connection-mark="EXTENTION KONEKSI" \
passthrough=yes
/ip firewall mangle add action=mark-packet \
chain=forward comment="YOUTUBE MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="YOUTUBE" passthrough=no
chain=forward comment="YOUTUBE MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="YOUTUBE" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="WMV MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="WMV" passthrough=no
chain=forward comment="WMV MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="WMV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="EXE MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="EXE" passthrough=no
chain=forward comment="EXE MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="EXE" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="ZIP MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ZIP" passthrough=no
chain=forward comment="ZIP MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ZIP" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RAR MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RAR" passthrough=no
chain=forward comment="RAR MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RAR" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MPG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MPG" passthrough=no
chain=forward comment="MPG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MPG" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MPEG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MPEG" passthrough=no
chain=forward comment="MPEG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MPEG" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MP3 MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MP3" passthrough=no
chain=forward comment="MP3 MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MP3" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MOV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MOV" passthrough=no
chain=forward comment="MOV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MOV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="ISO MARK" disabled=no \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ISO" \
passthrough=no
chain=forward comment="ISO MARK" disabled=no \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ISO" \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MKV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MKV" passthrough=no
chain=forward comment="MKV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MKV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="FLV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="FLV" passthrough=no
chain=forward comment="FLV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="FLV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="AVI MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="AVI" passthrough=no
chain=forward comment="AVI MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="AVI" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="CAB MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="CAB" passthrough=no
chain=forward comment="CAB MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="CAB" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="ASF MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ASF" passthrough=no
chain=forward comment="ASF MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ASF" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="WAV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="WAV" passthrough=no
chain=forward comment="WAV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="WAV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RM MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RM" passthrough=no
chain=forward comment="RM MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RM" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RAM MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RAM" passthrough=no
chain=forward comment="RAM MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RAM" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RMVB MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RMVB" passthrough=no
chain=forward comment="RMVB MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RMVB" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="DAT MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="DAT" passthrough=no
chain=forward comment="DAT MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="DAT" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="DAA MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="DAA" passthrough=no
chain=forward comment="DAA MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="DAA" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="NRG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="NRG" passthrough=no
chain=forward comment="NRG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="NRG" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="BIN MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="BIN" passthrough=no
chain=forward comment="BIN MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="BIN" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="VCD MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="VCD" passthrough=no
chain=forward comment="VCD MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="VCD" passthrough=no
L. Mangle Paket client (sesuaikan Ip addressnya dengan ip address client jaringan anda):
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT1" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.2 \
new-packet-mark="CLIENT1" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT1" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.2 \
new-packet-mark="CLIENT1" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT2" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.3 \
new-packet-mark="CLIENT2" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT2" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.3 \
new-packet-mark="CLIENT2" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT3" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.4 \
new-packet-mark="CLIENT3" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT3" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.4 \
new-packet-mark="CLIENT3" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT4" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.5 \
new-packet-mark="CLIENT4" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT4" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.5 \
new-packet-mark="CLIENT4" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT5" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.6 \
new-packet-mark="CLIENT5" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT5" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.6 \
new-packet-mark="CLIENT5" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT6" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.7 \
new-packet-mark="CLIENT6" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT6" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.7 \
new-packet-mark="CLIENT6" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT7" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.8 \
new-packet-mark="CLIENT7" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT7" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.8 \
new-packet-mark="CLIENT7" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT8" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.9 \
new-packet-mark="CLIENT8" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT8" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.9 \
new-packet-mark="CLIENT8" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT9" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.10 \
new-packet-mark="CLIENT9" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT9" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.10 \
new-packet-mark="CLIENT9" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT10" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.11 \
new-packet-mark="CLIENT10" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT10" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.11 \
new-packet-mark="CLIENT10" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT11" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.12 \
new-packet-mark="CLIENT11" \
passthrough=no protocol=tcp
chain=forward comment="CLIENT11" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.12 \
new-packet-mark="CLIENT11" \
passthrough=no protocol=tcp
10. Queue Tree
A. Queue tree ICMP prioritas ke 1:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="ICMP PING" \
packet-mark="ICMP PAKET" parent=public priority=1 \
queue="default"
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="ICMP PING" \
packet-mark="ICMP PAKET" parent=public priority=1 \
queue="default"
B. Queue Squid Hit Prioritas ke 2:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="SQUID HIT" \
packet-mark="PROXY HIT" parent=local priority=2 \
queue=default
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="SQUID HIT" \
packet-mark="PROXY HIT" parent=local priority=2 \
queue=default
C. Queue Limit Extention prioritas ke 3 (jika anda ingin melimit yang berbeda silahkan ubah max-limitnya):
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=1000000 \
name="LIMIT FILE EXTENTION" parent=global-out priority=3
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=1000000 \
name="LIMIT FILE EXTENTION" parent=global-out priority=3
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="YOUTUBE" packet-mark="YOUTUBE" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="YOUTUBE" packet-mark="YOUTUBE" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ISO" packet-mark=iso parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ISO" packet-mark=iso parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 name="MP3" \
packet-mark="MP3" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 name="MP3" \
packet-mark="MP3" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 name="MP4" \
packet-mark="MP4" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 name="MP4" \
packet-mark="MP4" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="WMV" packet-mark="WMV" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="WMV" packet-mark="WMV" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
D. Queue tree Semua Upload Prioritas ke 4 :
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="+++TOTAL UPLOAD+++" \
packet-mark="SEMUA PAKET MASUK" \
parent=public priority=4 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="+++TOTAL UPLOAD+++" \
packet-mark="SEMUA PAKET MASUK" \
parent=public priority=4 queue=default
E. Total download Prioritas ke 5 :
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" \
parent=global-out priority=5
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" \
parent=global-out priority=5
F. Game download Prioritas ke 6 :
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="GAME DOWNLOAD" packet-mark="GAME PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=6 \
queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="GAME DOWNLOAD" packet-mark="GAME PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=6 \
queue=default
G. Queue Browsing Paket Priority ke 7
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="BROWSING PAKET" packet-mark="BROWSING PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="BROWSING PAKET" packet-mark="BROWSING PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
Queue tree Total download client priority8
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" \
parent="+++TOTAL DOWNLOAD+++" priority=8
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" \
parent="+++TOTAL DOWNLOAD+++" priority=8
H. Queue tree client priority8
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT1" packet-mark="CLIENT1" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT1" packet-mark="CLIENT1" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT2" packet-mark="CLIENT2" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT2" packet-mark="CLIENT2" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT3" packet-mark="CLIENT3" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT3" packet-mark="CLIENT3" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT4" packet-mark="CLIENT4" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT4" packet-mark="CLIENT4" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT5" packet-mark="CLIENT5" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT5" packet-mark="CLIENT5" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT6" packet-mark="CLIENT6" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT6" packet-mark="CLIENT6" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT7" packet-mark="CLIENT7" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT7" packet-mark="CLIENT7" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT8" packet-mark="CLIENT8" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT8" packet-mark="CLIENT8" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT9" packet-mark="CLIENT9" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT9" packet-mark="CLIENT9" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT10" packet-mark="CLIENT10" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT10" packet-mark="CLIENT10" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT11" packet-mark="CLIENT11" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT11" packet-mark="CLIENT11" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
Sekarang percobaan …..saya coba youtube
Buka youtube.com..dan cari video kesukaan anda..yang belum pernah di putar..dan belum pernah di cache squid external proxy anda
Buka youtube.com..dan cari video kesukaan anda..yang belum pernah di putar..dan belum pernah di cache squid external proxy anda
No comments:
Post a Comment